Terrible reporting about iPhone security leads to people being less secure. Great job, media!

Terrible reporting about iPhone security leads to people being less secure. Great job, media!

Yesterday I received an email from a reader who, despite wanting an iPhone 5s, decided she wasn't going to get it after seeing an article about Touch ID being "hacked" and deciding it wasn't safe. I heard from another reader who saw a similar article and so decided to turn off Touch ID. Not replace it with a strong password, mind you, but simply turn it off and go back to nothing. They were by no means the only people who've been confused, misinformed, and ultimately hurt by the nonsense that's passing for technology reporting when it comes to iOS 7 and the iPhone 5s. It's some of the dumbest I've ever seen, and it's in an area that's so important it demands the least amount of dumb journalistically possible. Here's the truth about iOS 7, the iPhone 5s, and Touch ID:

  1. Convenience and security sit at opposite ends of the spectrum. The more convenient something is, the less secure, and vice versa. You can't have both.
  2. iOS 7 contains a lot of new features to increase convenience or security. It's up to us, the users, to choose which one is more important to us at any given time.
  3. Conveniences like Lock screen access for Siri and Control Center are easy to turn off.
  4. Security in the form of long, pseudo random passwords are easy to turn on.

Here are some examples of the convenience vs. security spectrum:

  1. Unlocked iPhone can be accesses by anyone, at any time, put in Airplane Mode, used to play Candy Crush, whatever.
  2. iPhone with Siri and Control Center accessible from the Lock Screen but protected by Passcode can be put in Airplane Mode, but can only be accessed by someone with the time and inclination to spy or otherwise ferret out your 4 digit code.
  3. iPhone with Siri and Control Center accessible from the Lock Screen but protected by Touch ID can be put in Airplane Mode, but can only be accessed by someone with the skill and determination to make a workable fake fingerprint.
  4. iPhone with Siri and Control Center disabled from the Lock Screen and protected by Touch ID or a Passcode can't be put in Airplane Mode but can be accessed by anyone who can make a fake fingerprint or spy out the Passcode. (It can still be put into a radio-proof container or room, or simply shut off until it can be placed in one.)
  5. iPhone with Siri and Control Center disabled from the Lock Screen and protected by a long, strong, pseudo-random password can't be put in Airplane Mode but can be accessed by anyone who can trick, intimidate, extort, or otherwise socially engineer the password.
  6. Any of the above kept in a lock box, safe, vault, etc. would require the container be accessed before the device.

Since most people aren't high level threats, and since the iPhone is a consumer electronics device, Apple start off towards the convenience end of the spectrum. Siri and Control Center access from the Lock screen are turned on, and a 4-digit Passcode as default rather than a complex alphanumeric password. Anyone who wants more security can turn off that access and ramp up that password. It'll make their iPhone far less convenient, but it'll also make it far more secure.

But never forget this: If you have an iPhone, someone, somehow, can gain access to it if what's on it is valuable enough and they want that access badly enough. The only real way to protect something is not to have it.

If you're considering an iPhone 5s, don't let nonsense non-stories deter you. If you've already got one, don't get fooled into turning off features that, overall, provide a good balance of convenience and security. If you're concerned about security, get your phone, and enable the features that let you do what you need to do as securely as possible.

Then go back to the dumbass sites that mindlessly propagate this kind of stupid and demand better from them. Or just block them and hang out here on iMore.

Either way, they'll go where your clicks/taps are.

iPhone 5s

iPhone 5s
Apple's current flagship iPhone with a 4-inch in-cell display, LTE 4G, and BT 4.0 LE. New features include:

Complete review >

Released
September, 2013

Alternatives
iPhone 5c, iPhone 4s

Replacements
iPhone 6 (rumored)
Fall, 2014

Resources
Buyers guide
Help forum

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, Vector, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts

 

70
loading...
0
loading...
296
loading...
0
loading...

← Previously

Skype to add synchronized messaging, battery conservation in coming months

Next up →

5 ways to increase security and privacy of your iPhone or iPad

Reader comments

Terrible reporting about iPhone security leads to people being less secure. Great job, media!

109 Comments

Bravo Rene... Bravo I say! People just read to much these days on the net for there own good sometimes! Not everyone gets these issues only a handful does, then it gets blowin' out of proportion! I personally never hand any of these issues myself!

Right from the start I was saying that "hacked" was the wrong word to use for this exploit: TouchID was "spoofed" rather than hacked. This can be argued on semantic or dictionary-quoting terms, but it was clear from the start that many people would hear the word "hacked" and be frightened off security altogether -- and that's exactly what happened. iMore itself used "hacked" in its headlines and articles, and despite the good stuff you've published about this topic you've contributed to this very problem. If your own headlines had said "TouchID fooled by false fingerprint" or "TouchID deceived" or "TouchID not foolproof" it would have been more accurate and less prone to being misunderstood.

"If your own headlines had said 'TouchID fooled by false fingerprint'..."

http://www.imore.com/touch-id-fooled-not-hacked-lifted-fingerprint

Peter, look again: I'm in the comments section on that very post agreeing with you! I'm well aware you got it right, but other articles here on iMore were far less precise about terminology.

One thing Apple really need to enable, is the option to need to input your password if you're turning off the phone.
Doesn't matter what security you enabled, if the thief can simply turn off the phone, it's gone forever. You'll never be able to track it and you won't be able to erase it.

That is enabled now. If the phone is turned off, or if the phone is not used for a period of time, or after a couple incorrect finger reads, the pass code is requested.

As far as security, ever stand in line and watch someone unlock their phone? Secure code? I would rather use my fingerprint and take my chances on some Dick Tracy cracking it if I loose it. Anyone stupid enough to worry about it needs to go back to pen, paper and a feature phone.

I've thought a lot about that. I agree, but DFU mode would still be present. It would stop only the more casual of attacks.

Even in DFU mode the iPhone is locked until the correct iTunes password is entered as long as Find My iPhone is turned on. You can wipe the phone but you can't reactivate it.

"if the thief can simply turn off the phone, it's gone forever. You'll never be able to track it and you won't be able to erase it."

Now replace "turn off" with "wrap in tinfoil", or "place into a small metal container" and you'll see why requiring authentication on power down can only decrease convience while offering little improvement to security.

Cool post regarding your state of mind!

Only one thing is the problem; having myself being misinformed a few weeks ago, I searched all over the web for the truth (as I always do) and found that the material and time needed to copy one fingerprint was something likely no ordinary people could do. This is exactly what is missing.

As I read it, it seems like the steps to make a fake fingerprint is easy, as nowhere do you mention it is somewhat VERY difficult and not common practice.

Very true. In all these examples people are taking samples of their perfect finger print. It's very difficult to get yourself a perfect, non-partial print. Some sites saying things like "...what better place to get a print than the iPhone screen itself..." which is ridiculous. Your smearing the oils everywhere, that's not going to be easy. And what if a right-handed user decides to to use the pinky on their left hand? I doubt you'll be pulling a print for that finger anytime soon.

Ha Ha, Apple was the media darling for decades and they are still treated much more fairly than Microsoft.

Get used to it Rene, this is the decade of Google, they will be media darling and fanboys darling for years to come.

Ya.. We are really going to put our trust in Google, when all they want from us is all of our personal information so they can pimp it. No thank you.

PapaDaveP, you are so right. I wold never use Android for the shear fact that no one can prove to me that the free Phone OS that it is doesn't poach any if not all the information that I put in the phone.

I do not trust Google!!!

Etios, WTF? Apple the media darling? Maybe in a parallel universe, but not the planet (or universe) I am from. Apple may have had some good press here and there.

There are many smart people on the web than can often crush the misguided attempts and link bait and page clicks, however Apple has never been a media darling, though I guess Jobs did get some sympathy from the media when he died...

If history repeats itself, then I am actually okay with slamming Google with plenty of class action lawsuit in 5 years similar to what Apple is going through now. I mean, I disagree with most of these stupid lawsuits (e.g. in-app purchases), but hey, I also don't mind getting a $5 iTunes card for absolutely no reason either : ) just a thought.

So yes, let google be the media darling now, I think it's their turn to have their cash cow get milked with pointless (??) lawsuits, LOL!!!

Because all the mainstream media reported on the story of the fingerprint reader being tricked by a fake one yet never stated how hard it is to accomplish the such an undertaking. Add to this most people don't go any further find you for themselves about the details from other sources except of other mainstream media.

"They were by no means the only readers who've been confused, misinformed, and ultimately hurt by the incredible bullshit that's passing for technology reporting..."

This in a nutshell is the food of the page click on the net. Ignore the sights & rely on good, objective sites that have credibility to report the facts & not the FUUD.

"Then go back to the dumbass sites that mindlessly propagate this kind of stupid and demand better from them. Or just block them and hang out here on iMore."

The better advice is to ignore them & point people to the 'real' information directly from the source & places that aren't spouting off for those all important page clicks.

The main street print & TV media likes sensationalizing these types of "hacking" stories especially when it concerns Apple. Unfortunately most people do not read tech savvy sites that do more in depth reporting and follow ups on these stories. Good post.

Rene,
You can't fix stupid.
And you can't change human nature - cheer the underdog, and drag down the leader.
Accuracy has never been as important as sensationalism when it comes to the media.

So true, kind of reminded me of people who are can't think but depended on what Maps tell them to do, I meant the ones who drove to the airport thru the runway.

You must be joking. Look at what the media has done and continues to do to BlackBerry. The media still very much loves Apple. I think they run these few stories against Apple to gauge response or to avoid being called out for favouring Apple.

Welcome to the 20th century, you're a little late to recognize this!! Funny to watch these liberal types get upset at a media doing what the media does.

TouchID with get this, a twenty character password. Random. Done. Not sure why anyone would use the 4 digit PIN with TouchID. It provides the convenience, 20+ random character password provides the security. Apple needs to have the set up screen for the long password and suggest that they use a random 20+ character password. Explaining this on the set up screen would put rumors to rest.
4 digit PIN's are easy to crack.

Also, there has been NO HACK of TouchID.

While that is true - never use a lousy 4-pin passcode - if you were to be a victim of a fingerprint spoof, and they successfully created a fingerprint (and the phone has not been restarted), then your strong passcode will not save you.

What freaking planet do you live on? A twenty character passcode every time you want to unlock your iOS device? Do you know how many times a day people pick up their phones or tablets? Do you have any idea what it would be like to take out your phone and type in a TWENTY character passcode just so you could ask Siri where the Sushi bar was? Just the four digit PIN alone causes a majority of people to turn locking off all together. Touch ID is supposed to make it easy for those people to at least have some security.

The poser techie mindset is unfathomable. Where does a mind like this come up with 20 character passcodes? And random at that? How, exactly, is a normal user supposed to remember a 20 character, randomized passcode? Most don't even know their social security number.

The mind boggles at such reasoning.

It wouldn't take long to use the fingerprint scanner to skip having to do a 20+ character password. I used a 15 character pass code on mine specifically because I could use the fingerprint scanner to skip typing it most of the time.

I would think a 10 character semi random passcode would be sufficient for most needs. If the hacker or thieves have the device, you are pretty much hozed anyway - barring a timely remote wipe.

IF you are targeted because you have (or should have) a lot of valuable, "sellable" information, then you probably need something extra.

As with backups, how much is the data worth to YOU? What would it cost YOU to recreate this (if that is even necessary)? What could people do to you with this data ... or what could they do to your family ... or your company? Why do people assume that if you are doing nothing illegal you have nothing to hide? Why does every other person have a simple mind? Why are YOUR tax returns public knowledge?

Great article. In the end, security, no matter how many features your phone might have, is up to to the user and how careful he/she is with the device and the info it handles. So, it's about being careful, that's all.

My only concern with it was that I really wanted to share your article to the smartphone users I support at work but, alas, not allowed to spread that kind of language around in a corporate environment. Nice, honest write-up though.

I understand the use of language when you are passionate about something. I imagine Rene gets asked about security issues often and the lack of security is scary :(

I did a random poll of people asking what passcode system they used for their smartphones. I was shocked that 17 out of 40 people said none at all. The 23 that had security did all think that my iPhone5s fingerprint scanner is something they would like to save time.

What made me just shake my head and wonder is that these people all have sensitive information for others on their phones via email. Then what made me get upset is that only 6 of the people without a passcode had any idea how to remotely wipe their phone. This all made me say WTF is wrong with people they don't understand the necessity of security.

If you are too lazy to enter a 4 digit code then just don't check your phone every 5 seconds or get the iPhone5s.

Well put. Been having this argument with people for days. Now I'll just send them here!

There is nothing like someone who has NO PASSCODE on their device telling me iPhone 5s isn't safe! It's not like I have the nuclear launch codes on this baby...I just don't want anyone punking my Facebook account!! Or heaven forbid I misplace it being able to wipe the phone in about 90 seconds. I also don't really want to have to input a passcode every time I tweet. Touch ID is not 100%....but it is a great balance of convenience vs security.

Thank you Rene for your article and thank you apple for your security measures!!

Too bad iMore is also full of silly link bait articles too. There is a lot of good stuff here too but don't act like its that much better than the others Rene.

In the zeal to blame the media, you neglect the actual issue with Touch ID -- or really, with any security mechanism, and that is simply this:

- Training users to rely only on a single I nsecure mechanism can be lead to greater harm than no mechanism at all.

Counterintuitive but true, for this simple reason. A user with no lock at all on their device is far more likely to pay attention to the physical aspects of security, because she knows that her vigilance is her only line of defense. A user who has a vendor-provided mechanism (be it biometrics, a RSA key, or whatever), is far more likely to be careless with her own responsibilities w.r.t security, because it becomes easy to treat security as the vendor's job, and, after all, the vendor has taken care of it. It's not bullshit -- it is simple human nature to relax when we think somebody else has taken care of us.

Now, you can argue that Apple has never positioned TouchID as something that handles security so users do not have to, but that claim is belied by Apple's own features page ( http://www.apple.com/iphone-5s/features/ ). Quoting as of October 4, 2013:

"Entering a passcode each time just slows you down. But you do it because making sure no one else has access to your iPhone is important..... [Touch ID is] a convenient and highly secure way to access your phone. Your fingerprint can also approve purchases from iTunes Store, the App Store, and the iBooks Store, so you don’t have to enter your password."

That certainly sounds like Apple is trying to train users to rely entirely on Touch ID. That *may* not Apple's direct intent, but that is how a large number of users will interpret it; certainly most, if not all, of the "for the rest of us" crowd Apple serves will think that, with Touch ID enabled, their security already "just works", and their personal security responsibilities end.

And *that* is the problem the articles you decry as bullshit are trying to illuminate. Security is a personal responsibility, not one that you can outsource to a third party.

Edit: forgot word "single"

I think you haven't spent any time learning about TouchID. First, are you claiming that TouchID is not highly secure? For nearly all purposes it is. It is certainly more secure than a 4 digit passcode. Like most security features it can be bypassed with enough skill and resources but nearly all iPhone users are not going to be subject to the kind of attack that TouchID will not thwart.

Second, you can't use TouchID without some sort of passcode in place. There are many situations where the passcode is required before TouchID will work. So your implication that users can ignore their security responsibilities is specifically prevented by using TouchID.

So, in all ways TouchID increases security and requires users to take at least a bit of responsibility for their own security. I don't see where you can have a real complaint unless you haven't studied how Apple implemented TouchID.

Sigh. Missed the point completely. Any security measure can be defeated or bypassed, and the way Apple is positioning Touch ID is encouraging users to think of it as the alpha and omega of their precautions. That is the problem, and the articles Rene is slamming mainly serve to remind readers that no measure - not even one made by Apple - should be your sole measure of security.

Sent from the iMore App

Dev from tipb has missed the point. IF Apple were saying TouchID is the "alpha and omega" of security, then why would there be a backup passcode? Why would this backup passcode be required for certain things?

I skimmed the articles on the finger print copy - and surmized that these people have some unusual equipment on their hands and a lot of time. Certainly the equipment is not all that unusual and people and thieves are opportunistic, yet sometimes the articles make people think that these security features makes a phone less secure than no security at all ... or that maybe Android is some how more secure with its 'picture' recognition software or its Google AdClicks marketing/monetizing software ...

Then again, maybe security will save RIM/BlackBerry? ...
I guess after BB, only Apple and Microsoft offer secure mobile computing/communications systems - at least it is in their interest to offer this in their product(s) - as far as the NSA will allow.

If there was true two-factor authentication -- requiring both fingerprint and passcode to get into the phone -- you would have a point. If Apple was not marketing Touch ID as something to use *INSTEAD* of a passcode, you would have a point. But there isn't, they are, and you don't.

Dev - first off it is a fucking phone.
Secondly, if you have something so private or information so secretive then it doesn't need to be on a phone.

Yes there are those that conduct business on phones and have been for a long, long time.

That said, those nitwits out there that follow the MSM are fricking clueless. They are the very MORONS that text while driving. The BOOBs that take endless selfies and post all over the place.

Most don't take the time to even dial their stupidity in to even THINK to learn ONE aspect of their phones.

Apple can't BABYSIT each asshat out there that ISN'T MATURE enough to take PERSONAL responsibility for their privacy, let alone a decent password for that matter, not only for their phone, but computer, pin codes, etc...

These are the lemmings that BITCH about being reminded to change their login and passwords at work by their IT department, yet complain that the coffee mug holder on the side of the computer won't go back in.

A for illuminating... How do you illuminate a DIMWIT light bulb.

THEY ARE WHAT THEY ARE. And in a DUMBed down society, the weak shall perish...

Orealy, you so make a good point. They are also liberals that think they should get free healthcare and phones. LMAO!!!

"Apple can't BABYSIT each asshat out there that ISN'T MATURE enough to take PERSONAL responsibility for their privacy, let alone a decent password for that matter, not only for their phone, but computer, pin codes, etc..."

That is precisely what they are trying to do with their marketing of Touch ID.

I speculate that the vast majority of people concerned with iPhone 5S security are concerned the fingerprint ID is not as secure as passwords, based on reports of the "hack." The discourse on security and convenience is nice, but it might have been more useful to start the rant with expelling that myth. Some people think it is very easy to copy a fingerprint that can be used to unlock the phone, and I understand that this is not at all the case. There was even fear spreading that someone's finger could get hacked off by thieves who would then use the severed finger to unlock the phone. Apple tried to knock down this stuff, but, from my reading of various comments sections, has not been very successful. I believe Apple even said the "severed finger" trick wouldn't work b/c the ID screen only recognizes live tissue.

I don't have much skin in this game, since I'm in Android world. But I do think there is value in dispelling myths about fingerprint ID, which I expect will eventually become standard in mobile phones. If consumers don't trust it, however, the technology's spread will lag.

The most important point that people do not grasp is that when the 'fingerprint' scanner was made to believe that the fingerprint was a real finger from the person that owned it there were some very obvious flaws in their demonstration.

While they got a 'pristine' fingerprint from the relatively clean screen of the iPhone 5S the used in normal every day use, take a close look at your phone and iPad screen. It is a mass of mixed fingerprints, smudged and blemished.

Now take into account that these people aren't going to go up to you and ask for your device, let you drop it into a baggy and then carefully carry it back to their 'workspace'. They are going to steal it. The screen will be covered with a multitude of fingerprints now mixed with their fingerprints. They won't carefully slip it into a bag to protect the surface of the phone they will put it quickly into a pocket, smudging further those prints and adding further more of their own when it is retrieved.

Now if they had demonstrated a 3rd party owned iPhone that had been used continuously and was then taken in the normal manner that a thief would and then they tried to glean a good print off the device and make a 'fascimile' of the finger print and then opened the device it would have been impressive.

Instead the media inflated the claim, made it sound like it was really a simple task. The methodology is not simple, the tools required are not something that you have laying around the office and the conditions that the demonstration were not adequate to demonstrate a real life event, instead it demonstrated the 'best possible conditions' with a device that had a history known to the demonstrators.

In the demonstration they made a huge nice perfect thumb print on the screen of the iPhone. Try as my might but in normal handling all I can show is a smudged fingerprint that would not be suitable because most people tend to move the phone in their hand.

Similarly, if you go back to those Mythbuster episodes where they 'spoofed' a fingerprint scanner they used a 'pristine' fingerprint exemplar.

Of course if you were to 'claim' about cutting fingers off. So far I haven't heard a report of a finger being cut off to get access to someone iPhone and there has been plenty of time for it to happen.

As for other security features. An iPhone 5S is just as secure, or more secure than an iPhone 5, 4S, 4, etc and equally or more secure than most Android AND Windows based phones.

All have security issues, as much as they would claim to be totally secure, if the focus was put on breaking security features on them the way that the focus is placed on breaking Apple security features then I believe that the issues with Security are inflated and overblown and for some reason it is newsworthy to report security problems on Apple devices while it is a non-event for Android devices (but of course it is far easier to have a single Brand name than list a slew of devices in a report).

Totally to Rene's point. And I've always thought myth busters' pseudo science was more annoying and entertainment than science or informative.

I just shared this with the comment "Amen to that." Unfortunately the vast majority of people are not tech savvy and are fooled by the same crackpot reporting and internet urban legends that have been fooling them for years.

I'm not a fan of iPhone, but still the fingerprint scanner is pretty impressive. When it was hacked I was hardly surprised as this technique is used on all other fingerprint scanners. The fingerprint scanner puts a lot more load on the hacker than the simple 4 digit code. Surely if anyone wants to steal your phone so badly as to build a fake finger, he could also easily steal your 4 digit pin too. IMO the fingerprint scanner is far better option than the pin code.

No offence Rene, but you are almost just as bad when reporting about Google and security. Pot, kettle, black and all that. That said, I doubt this will have any impact on the 5s sales.

Eh, bad tech reporting affecting product perception? Welcome to BlackBerry's world . . .

You are absolutely correct (not that you need anyone to tell you that), and I've always said if anyone wants to go thru all the effort to lift a fingerprint from me and make a fake, they can have whatever's on my phone as it will not be worth it . . .

By the way, what does male bovine feces have to do with this . . ? ;-)

"revtech says:
Oct 5, 2013 at 2:55 pm - 1 day ago
Eh, bad tech reporting affecting product perception? Welcome to BlackBerry's world . . .
...
By the way, what does male bovine feces have to do with this . . ? ;-)"

I suppose that is rhetorical, yet I would say they both stink? I guess only the flowers and plants like BS.

Willful ignorance is often annoying... yet sometimes this is worse.

My beef with iOS 7 on my 4S is the increased size of the passcode buttons. I used to use a longer than 4 digit unlock code, but now after the update, the "ok" button was really far away from my left thumb, which is how I normally unlock my phone. I've had to switch back to a 4 digit code because the physical discomfort of having to constantly change my hand position just to hit that now out of reach button.

That's just silly. The 4S' 3.5" screen can be reached entirely. Switching back to a 4-pin is inappropriate.

Are you really dumb enough to call someone inappropriate for having a thumb that doesn't comfortably reach the corner of the the phone?

Oh stop, you're being silly. If you had said a 5/5S, we could entertain the issue, you're just being argumentative.

No reason to get upset, you're simply overreacting. Similar to how you overreacted when reverting back to a 4-digit pin code.

I've done nothing but present my opinion. Since my opinion, you've done nothing but call me names, while sitting behind your keyboard. Have some class and make a point, or leave the blog.

Calling someone "silly", "inappropriate" and "argumentative" isn't giving your opinion or being classy, it's trolling. Either you're a troll and you know this, or you're just a douchebag.

The convergence of marketing, journalism, and entertainment is complete.
Pure online "journalism" can't generate enough clicks to support itself.
So sponsors with products to sell end up supporting online "journalism."
And controversy and outright stupidity add quite a bit of entertainment value.
The click is all that matters. Accuracy, cross-checking, etc. are all dead.

The mainstream news establishment is a disaster when discussing technology. They usually shuffle personnel from other departments to handle the subject instead of hiring a really knowledgeable individual. I ignore their reports and usually just go to a specialized tech site instead.

Anything can be hacked. Any security is better than no security. It amazes me how somewhat intelligent people believe just about anything they read. Any security is better than none, how much simpler can it be.

I read it on the internet so it must be true !

Can't say more right now, as I am late for my date with french model I met on internet.

Rene, this happens after the launch of every Apple product. Some people want Apple to fail. Therefore they have to find something to write about. Whenever I travel, I look to see what devices people are carrying at the airport. By far, iOS makes up the majority. Next time you travel, look for yourself. Bad journalists will write anything to get a story out there.

Sadly, too many people don't bother to think for themselves so they listen to the first person(s) to spout negativity and swallow it like it's gospel - because that is so much easier to do, for some reason.
I recently watched an "alert report" on one of our local news services which played up being able to exploit a weakness in iOS 7's lock screen to access the phone via Control Center - 1 day before 7.0.2 was released, mind you - but the whole segment was centered around pictures of the new biometric home button... It was very misleading and any who didn't know better wouldn't have known better as the reporter only broadcast the fear-and-doom of the potential issue. Never mind that the reporter never once mentioned that the whole issue she was reporting on could've been averted, at the time, by turning access to these conveniences in iOS's Settings. [face palm] So much for thorough reporting - sensationalism sells.
... I digress, and more to my point... I would expect that "smart phone" users would be more, well... Smart. This goes way beyond iPhones, though. 'Tis the nature of our "now" society, though, yes?

* Nice [poignantly frustrated] post, Rene. I can feel your pain.

xD

Conveniences like Lock screen access for Siri and Control Center are easy to turn off. <- So basically the two things I want most be turned off because iOS7 sucks???

That's like buying a wireless router and having to turn off wireless because it eats up your laptop battery. Now I have to use an ethernet cable to use my laptop. Completely stupid.

iOS 7 is a failure.

While writing about the media bashing iOS 7, how about the media only reporting negative things on BlackBerry? They definitely have a good OS in BB10, they just need some moral support instead of always being trashed, when they don't *always* deserve it.

Do people realize how much "sensitive" or personal information is being exposed? you put your whole life on facebook, store important information inside your smartphone...then you are being spied or hacked without noticing...bank accounts, numbers, pictures...now you expose your finger print?! Indeed the fingerprint serves for security purpose but for the identity thieves out there it just got easier. We don't know what happens when our stuff is being hacked or where it ends up...I don't think anyone wants to have their finger print photo copied, haha!

I dont have anything valuable on my phone, except for a few phone numbers and names. I try not to put anything valuable on it, and i dont really see the need of it. My phone stays with me at all times, then of course, i probably not the typical person to have a phone. I dont work or have that many friends so i really dont need security on it. But i would like security for it if i really need it, because it is an expensive phone and i cant really afford to replace it. I have an iphone 5, so there isnt that security stuff which is on iphone 5s, and seems to me like it is more of a hassle. Having all that security is probably safer in the long run, but having to do such much to protect your phone and keep it safe seems, seems like it is waste of time. Of course then again, i am not an important person or have million of fans wanting to know everything of me, so i dont really need it. I dont know how the security thing works, but seems to me like an overload if you need all that stuff to keep your phone safe. I want to get a iphone 5s eventual and see how that fingerprint thing and security thing works. It is an interesting concept, but it depends on how secured you are about your phone. Plus, i dont really like giving people my phone to play with, even though i used too, but my advice would be to use the security if you really feel insecure about the phone, and if it has a lot of confidential stuff on it. Be careful with your phone and carry it with you at all times, and watch it so nobody but you have it all times.

Great article. Like I said in earlier. Do not lay the phone down. I see it happen all the time in public places. Someone goes to the restroom, or goes to order more food, and the iPhone is sitting there unattended. I have walked by cars, and in very plain sight, is a phone lying on the dash being charged. You have a get together at your house, all your gear is on display. Use common sense. Use the security that the device has. Touch ID. Lock screens, two step verification, and keeping your iPhone with you, will prevent a lot of headaches in the future. By the way. "Find My Phone" turn it on. Do not fall for media hype. "We will never let the truth get in the way if a good story."

Sent from the iMore App

Am I the only person who honestly doesn't think they are remarkable enough for anyone to go to that trouble to break into my phone? I have a passcode on my device for privacy reasons. If I'm at work or whatever, I don't want someone to be able to pick up my phone and read my private conversations. That's pretty much it.

I certainly don't expect Sam Fisher to lift my phone, put it in a radio shielded box, then figure out my pass code by analyzing which buttons on the screen are hit most often to determine the code. Why? So he could post a message on my facebook or twitter account? If someone steals my phone they are doing it so they can try to sell it for as much cash as they can get at the shady pawn shop, I'm just not interesting enough for there to be another reason.

How would that prevent a thief from wrapping it in tinfoil? Or putting it into a small cocktail shaker? It wouldn't.

I really wish people would stop saying the phone saves a picture of your finger print. IT DOES NOT !

No photo is saved. the picture it takes codes some of the gaps skips and flaws in the ridge lines. This is encoded onto the secure portion of the A7 chip. the next time you touch the sensor the process is repeated and the encoded number is compared to the stored number.

For all those people worried about someone, not sure who, taking their finger prints. You do realize you had finger prints before the 5s came out. No one seemed concerned that your prints would be copied before.

The print scanner was added to the phone as a convenience. Since more than half the people were not using any passcode. Stolen phones could be sold because they could be erased and resold. If you properly use password and set up phone to not allow reuse the thief will wind up with a block of metal and glass. The print scanner makes using a passcode easier and quick enough to get more people using it.

If the phone is not accesses within 48 hours peint scanner will not work. You must use passcode. If phone is powered off. printscan will not allow restart, you must use passcode. If you set up printscan you have to set a passcode. The passcode is still the primary security process. Reading your print is quck way on top of the passcode security, not in place of it.

Thank you Rene for a great piece. It is amazing how the media worships Apple like its God. Apple has new Touch ID feature and every 'security' company and troll coming out of the woodwork to IMO put it down. My goodness use commonsense. So I guess the iPhone is the only phone in the world that is vulnerable to security breaches. Maybe another phone maker will come out with some newer form of a biometric scanner and they will jump on them. Thanks for the tips. I'm getting a 5s. Will I use the Touch ID don't know yet. But certainly not for the bullcrap that gets push for news in media

Sent from the iMore App

Bravo Rene. Crackberry Kevin has suffered "the incredible bullshit that's passing for technology reporting" for some time now. Both of you have done an excellent job of sorting the wheat from the chaff.

The media lies and exaggerates... just another day ending in "day"... quelle surprise - pardon my French...

Buddy of mine hasn't upgraded his iphone 5 to iOS 7 yet. He said he wants to wait until they patch the lock screen hack. Even after they released the patch. At the sametime, I'm thinking, wth? This dude is at work with his phone always by him and then goes home after. Who does he think is gonna hack into his phone anyway? Lol

Ahh the media, botching something else. We conservatives here is the US have been suffering this silliness for decade with false and misleading gotcha journalism. It's not going to change anything time soon the best we can all do is suffer through it and hope for the best.

Keep swearing I like how it F#%€¥k's off the righteous .... And you don't deserve an iPhone if you're dumb enough to turn off your security because it's not secure enough...

This reminds me of the Android Malware scares that keep popping up on websites. Its the same tactic. Just used to scared and increase clicks, but unfortunately as humans we react/overreact when frightened thus this type of thing will never go away. Just keep giving people sensible advice Rene.

Oh shame, Apple gets a little bit negative publicity and poor Rene throws a tantrum like a 2-year old.

It's when stories like this happen when apples popularity hurts the message. Touch ID is a huge breakthrough in consumer grade security. If you have touch ID enabled and find my iphone turned on the iphone 5s is a nightmare for common thieves to steal. People steal iPhones to resell not often are they stolen for the personal information that's on them. Unless you have something crazy like your credit card written out in the notes app or something. Touch ID makes unlocking your phone kind of fun. That is what Apple has accomplished they have made securing your phone feel like you are in a high tech spy movie.

Sent from the iMore App

Thank you Media is more like it, SHAME ON APPLE THAT YHEY MISSED THE BOAT ONTHAT ONE, BILLION DOLAR COMPANY REALLY REALLY

At some point common sense needs to be used. Which is easier? :
1. No password.
2. Having someone follow you. Pretending to use their phone but secretly video taping you enter in your password.
3. Getting a CLEAN picture/scan of your finger print at HIGH resolution. Printing it out at HIGH resolution on a laser printer (this is not a resolution standard on your normal consumer printer) then putting the right amount of silicon and moisture over the transparency. You then have to keep this in good shape or crack the underlying security passcode.

This is not a trick question. I even put them in order of "Hacking/Spoofing" difficulty.

Thank you Rene for telling it like it is! It is amazing how many of these nut job articles come out and mainstream media picks them up without actually doing a bit of verifying that the info is accurate. CNET has become one of the worst, though calling them mainstream media maybe a stretch at best! LOL